<?php
/**
 * Created by PhpStorm.
 * User: dehong
 * Date: 2016/9/30
 * Time: 17:12
 */
session_start();

// Constant that lets this entry page load the files under includes/.
define('IN_TG', true);
// Identifies which page's content is being served.
define('SCRIPT', 'flower');

// Pull in the shared bootstrap file; the path is resolved to an absolute one, which is faster.
require dirname(__FILE__) . '/includes/common.inc.php';

// Login gate: the visitor must carry a username cookie.
// NOTE(review): this tests only that the cookie is present. The cookie is compared with the
// stored tg_uniqid only inside the ?action=send branch further down, and _alert_close() is
// defined elsewhere, so whether execution stops here cannot be confirmed from this file.
isset($_COOKIE['username']) or _alert_close('请先登录!');
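// Send flowers: handles the POST from the form at the bottom of this page (?action=send).
// An explicit isset()/=== test replaces the @-suppressed loose comparison.
if (isset($_GET['action']) && $_GET['action'] === 'send') {
    // Every field read below must arrive as a plain string; a missing or array-valued
    // parameter is refused here instead of reaching the helpers as null or an array.
    foreach (array('code', 'touser', 'flower', 'content') as $_field) {
        if (!isset($_POST[$_field]) || !is_string($_POST[$_field])) {
            _alert_back('非法操作!');
            exit; // _alert_back() is defined elsewhere; do not depend on it to end the request
        }
    }

    // The form offers 1..100 flowers, but the posted value is client-controlled, so the
    // same range is enforced on the server.
    $_flower = filter_var(
        $_POST['flower'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 100))
    );
    if ($_flower === false) {
        _alert_back('非法操作!');
        exit;
    }

    // Without a CAPTCHA issued for this session there is nothing to compare the submission
    // with, so two missing values can never be treated as a match.
    if (!isset($_SESSION['code'])) {
        _alert_back('非法操作!');
        exit;
    }
    _check_code($_POST['code'], $_SESSION['code']);
    // NOTE(review): the verified CAPTCHA value is left in the session (the original
    // _session_destory() calls were commented out), so it presumably stays valid for further
    // submissions — consider unset($_SESSION['code']) once it has been checked.

    // The account is looked up by cookie values, which the client fully controls.
    if (!isset($_COOKIE['username'], $_COOKIE['uniqid'])
        || !is_string($_COOKIE['username'])
        || !is_string($_COOKIE['uniqid'])
    ) {
        _alert_back('非法登陆!');
        exit;
    }

    // Bound parameter instead of interpolating the cookie into the SQL text.
    // NOTE(review): assumes $GLOBALS['dbh'] is the PDO handle opened by common.inc.php — the
    // INSERT below already relies on it; confirm it is available before check.func.php loads.
    $_lookup = $GLOBALS['dbh']->prepare('SELECT tg_uniqid FROM tg_user WHERE tg_username = :username LIMIT 1');
    $_lookup->execute(array(':username' => $_COOKIE['username'])) or die('SQL执行错误!');
    $_rows = $_lookup->fetch(PDO::FETCH_ASSOC);
    if (!$_rows) {
        _alert_back('非法登陆!');
        exit;
    }

    // To guard against a forged cookie, also compare the unique identifier (uniqid).
    _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
    include ROOT_PATH.'includes/check.func.php';

    $_clean = array();
    $_clean['touser'] = $_POST['touser'];
    $_clean['fromuser'] = $_COOKIE['username'];
    $_clean['flower'] = (string) $_flower;
    $_clean['content'] = _check_content($_POST['content']);
    // NOTE(review): _mysql_string() is defined elsewhere. If it escapes for SQL string
    // literals, the escape characters are stored verbatim because the INSERT below uses bound
    // parameters — confirm, and keep only one of the two mechanisms.
    $_clean = _mysql_string($_clean);

    // Write the row.
    $_sql = "INSERT INTO tg_flower (tg_touser,tg_fromuser,tg_flower,tg_content,tg_date) VALUES (:touser,:fromuser,:flower,:content,:date)";
    $stmt = $GLOBALS['dbh']->prepare($_sql); // prepare the statement
    $data = array(
        ':touser' => $_clean['touser'],
        ':fromuser' => $_clean['fromuser'],
        ':flower' => $_clean['flower'],
        ':content' => $_clean['content'],
        ':date' => time(),
    );
    $stmt->execute($data) or die('SQL执行错误!'); // run it with the bound values

    // Exactly one inserted row means success; the connection is released either way.
    $_sent = ($stmt->rowCount() == 1);
    $GLOBALS['dbh'] = null;
    if ($_sent) {
        _alert_close('送花成功!');
    } else {
        _alert_back('送花失败！');
    }
}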
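// Load the recipient: the page is opened with ?id=<user id> and shows that user's name in
// the form below.
if (isset($_GET['id']) && is_string($_GET['id'])) {
    // Bound parameter instead of interpolating the query-string value into the SQL text.
    // NOTE(review): assumes $GLOBALS['dbh'] is the PDO handle opened by common.inc.php, as
    // the ?action=send branch of this file uses it — confirm.
    $_find = $GLOBALS['dbh']->prepare('SELECT tg_username FROM tg_user WHERE tg_id = :id');
    $_find->execute(array(':id' => $_GET['id'])) or die('SQL执行错误!');
    $_rows = $_find->fetch(PDO::FETCH_ASSOC);
    if ($_rows) {
        $_html = array();
        $_html['touser'] = $_rows['tg_username'];
        // _html() is defined elsewhere; presumably it HTML-escapes the values for output.
        $_html = _html($_html);
    } else {
        _alert_close('不存在此用户!');
        exit; // never render the form without a recipient, whatever _alert_close() does
    }
} else {
    _alert_close('非法操作!');
    exit;
}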
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <?php /* ROOT_PATH is not defined in this file; presumably common.inc.php sets it (confirm). */ require ROOT_PATH.'includes/title.inc.php'; ?>
    <script type="text/javascript" src="js/code.js"></script>
    <script type="text/javascript" src="js/message.js"></script>
</head>
<body>

<div id="message">
    <h3>送花</h3>
    <form action="?action=send" method="post">
        <input type="hidden" name="touser" value="<?php /* Value returned by _html() for the looked-up user. NOTE(review): confirm _html() escapes double quotes, since this lands inside a quoted attribute. A hidden field is client-editable, so the send handler must treat touser as untrusted. */ echo $_html['touser'];?>">
        <dl>
            <dd>
                <input type="text" readonly="readonly" value="TO:<?php /* same _html() value as the hidden field; display only, this input has no name */ echo $_html['touser'];?>" class="text">
                <select name="flower">
                    <?php
                        // Offer 1 to 100 flowers. The list only limits what the browser
                        // presents; the posted flower value is whatever the client sends, so
                        // the range has to be enforced where the form is processed.
                        foreach(range(1,100) as $_num){
                            // $_num comes from range(), not from user input, so it needs no escaping.
                            echo '<option value="'.$_num.'">x'.$_num.'朵</option>';
                        }
                    ?>
                </select>
            </dd>
            <dd><textarea name="content">灰常的欣赏你，给你送花啦~~~</textarea></dd>
            <dd>验 证 码：<input type="text" name="code" class="text yzm" /><img src="code.php" alt="验证码" id="code" /><input type="submit" class="submit" value="送花"></dd>
        </dl>
    </form>
</div>

</body>
</html>